Title :
Federated autonomic Network Access Control
Author :
Foley, Simon N. ; Fitzgerald, William M. ; Adams, Wayne Mac
Author_Institution :
Dept. of Comput. Sci., Univ. Coll. Cork, Cork, Ireland
fDate :
Oct. 31 2011-Nov. 1 2011
Abstract :
Network Access Controls (NAC) are widely used to provide endpoint security typically complementing existing application-based security controls. NAC security mechanisms, for instance firewalls, are routinely prescribed as requirements for compliance to security standards such as PCI-DSS and ISO 27000. However, the effectiveness of a NAC configuration may be hampered by poor understanding and/or management of the overall security configuration, which may in turn, unnecessarily expose the enterprise to known security threats. New threats and/or service requirements often result in firefighting by ad-hoc modification to an already large and complex configuration. This complexity is further compounded by the diverse range of NAC mechanisms used to secure an enterprise; ranging from firewalls and proxies to NAC-style controls within applications themselves. As a consequence, it can be difficult to ensure that the current NAC configuration is effective, that is, it sufficiently mitigates threats while providing necessary access to services. Ensuring ongoing best-practice NAC administration can be costly as it requires expert knowledge in a rapidly changing field.
Keywords :
authorisation; computer network security; peripheral interfaces; ISO 27000; NAC security mechanisms; PCI- DSS; application-based security controls; endpoint security; expert knowledge; federated autonomic network access control; security configuration; security standards; security threats; Access control; Best practices; IP networks; Knowledge based systems; Ontologies; Servers;
Conference_Titel :
Configuration Analytics and Automation (SAFECONFIG), 2011 4th Symposium on
Conference_Location :
Arlington, VA
Print_ISBN :
978-1-4673-0401-6
Electronic_ISBN :
978-1-4673-0400-9
DOI :
10.1109/SafeConfig.2011.6111668
